Latest stories — Page 35

Policy & Regulation

AI-Driven OT Security Is Only as Good as the Telemetry Feeding It

Fewer than 10 percent of OT networks have meaningful monitoring in place, according to the 2026 Dragos OT Cybersecurity Year in Review. Until that changes, layering machine-learning tools on top of industrial control systems may create more risk than it resolves.

5 min
AI Security

Microsoft Wires Agentic AI Into Edge for Business — With an Audit Leash Attached

A limited preview of Edge for Business introduces Copilot-driven task automation alongside Microsoft Purview controls that log, filter, and block sensitive data before it leaves the tenant.

3 min
Policy & Regulation

Authorities Shut Down First VPN Over Criminal Ties

A European crackdown takes out a VPN aiding crime, but raises wider privacy concerns.

2 min
Identity & Access

Kali365 Phishing Kit Hijacks Microsoft OAuth Tokens to Silently Bypass MFA

The FBI has flagged a device-code phishing campaign powered by Kali365, a toolkit that steals OAuth tokens tied to Microsoft 365 accounts without ever touching a user's password.

3 min
Ransomware

More Than Half of CISOs Would Pay a Ransomware Demand. The Maths Are Not Flattering.

A survey of 750 CISOs in the US and UK finds 58% would hand over money to ransomware operators — despite law enforcement advice, incomplete decryption rates, and the lingering question of whether the data stays exclusive.

3 min
Vulnerabilities

A Three-Year-Old Chromium Bug Can Turn Your Browser Into a Bot — And It's Still Not Fixed

An unpatched flaw in Chromium's Background Fetch API lets malicious websites keep service workers alive indefinitely, enabling crypto mining, DDoS participation, and persistent tracking across browser restarts.

3 min
Vulnerabilities

Your CI Pipeline Is Already Too Late — CVE Lite CLI Disagrees With Your Entire Workflow

An OWASP-backed JavaScript dependency scanner built by Sonu Kapoor wants to catch vulnerable packages the moment a developer types the install command, not when the build breaks at 2 a.m.

3 min
AI Security

Treat the Model Like a Threat: Why AI Agent Security Needs a Systems Overhaul

A paper from researchers at Google and two US universities argues that prompt-level defences and alignment tuning are structurally inadequate for securing autonomous AI agents — and that enterprises should start treating the model itself as an untrusted component.

3 min
AI Security

Ten Thousand Bugs, One Model: Inside Anthropic's Project Glasswing

Claude Mythos Preview has scanned more than a thousand open-source projects and surfaced thousands of critical flaws. The bottleneck has moved — and the patch queue is not moving fast enough.

3 min
Identity & Access

Kali365 and EvilTokens: The New Phishing-as-a-Service Threat

Professional phishing kits lower barriers for attackers, bypassing MFA with ease.

2 min
Vulnerabilities

Unpatched Flaws Now Outpace Stolen Credentials as the Leading Breach Entry Point

Verizon's 2025 DBIR puts vulnerability exploitation at 31% of breach root causes. Median patch time has climbed to 43 days, and only 26% of CISA KEVs were fully remediated — a gap attackers are sprinting through.

4 min
AI Security

AI Governance Is Broken Because It Still Lives Outside the Pipeline

Building compliance as a post-ship review layer made sense for static software. For AI systems that mutate overnight, it is organizational negligence dressed up as process.

3 min
Threat Intelligence

TrapDoor: The Supply Chain Campaign That Wants Your Whole Dev Environment, Not Just Your Secrets

A cross-registry malware campaign hitting npm, PyPI, and Crates.io is going after CI/CD pipelines, SSH trust chains, and AI coding assistant files — not just credentials on install.

3 min
Opinion

Twenty Years of Cyber Lessons and We're Still Losing on the Basics

The industry spent two decades reinventing its philosophy — perimeter defense to assume-breach — yet the attacks that still hit hardest exploit the same unpatched, misconfigured, un-MFA'd mistakes we should have buried years ago.

3 min
Identity & Access

AI Agent Identities Are Redrawing Enterprise IAM Budgets

New Omdia research finds that the rapid spread of AI agent deployments is forcing organisations to treat non-human identities as a distinct governance category, with budget implications that traditional identity and access management frameworks were not designed to absorb.

3 min
Vulnerabilities

Two Defender flaws under active exploitation, Microsoft confirms

A SYSTEM-level link-following bug and a denial-of-service issue in Microsoft Defender are both being abused in the wild.

2 min
Threat Intelligence

The Boring Attacks Are Winning: Why Defenders Keep Losing to Trusted Tools

Leaked tokens, poisoned npm packages, and login replays are doing more damage than zero-days this quarter. Here is how to spot the pattern before it spots you.

3 min
Threat Intelligence

Showboat: A Modular Linux Backdoor Quietly Camped in a Middle East Telco Since 2022

Lumen's Black Lotus Labs ties the SOCKS5-capable implant to a years-long intrusion at a regional carrier, with an in-memory loader and ELF payloads that sidestep most host telemetry.

2 min
Vulnerabilities

Cisco's Secure Workload Earns a Perfect 10, in the Wrong Sense

An unauthenticated REST API flaw rated CVSS 10.0 lets remote attackers help themselves to sensitive data. Cisco has issued fixes.

2 min
Vulnerabilities

CISA's KEV List Just Picked Up Langflow and Apex One — Both Already Being Hit

Two flaws, one AI workflow tool and one veteran endpoint suite, now carry a federal patch deadline because attackers got there first.

2 min
Vulnerabilities

When the Hardware Isn't There: Coaxing Vulnerable Drivers Into Range

BYOVD research keeps colliding with a stubborn problem — many kernel drivers refuse to talk unless their device is plugged in. New work shows how to make them talk anyway.

2 min
© 2026 Threat Vectr